diff options
author | Tyson Andre <tysonandre775@hotmail.com> | 2016-11-20 15:18:32 -0800 |
---|---|---|
committer | Tyson Andre <tysonandre775@hotmail.com> | 2016-11-20 15:46:13 -0800 |
commit | cdb7aafc23bd1fd396305df9cddca1717b58f2b3 (patch) | |
tree | 2bb7f7848ed92471b8aad648a99569672860102a | |
parent | 60574ea1ac4790abe818c2c7510d0e391c12c06a (diff) | |
download | php-git-cdb7aafc23bd1fd396305df9cddca1717b58f2b3.tar.gz |
Fix memory leak(null coalescing operator with Spl hash)
The SEPARATE_ARG_IF_REF macro increased the refcount of the object passed as a
key.
However, when the key did not exist in the ArrayAccess implementation,
the code returned early without trying to decrement the refcount.
Add a test of `??` succeeding+failing on a SplObjectStorage instance.
-rw-r--r-- | Zend/zend_object_handlers.c | 2 | ||||
-rw-r--r-- | ext/spl/tests/observer_010.phpt | 15 |
2 files changed, 17 insertions, 0 deletions
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c index 70dab660b3..af92d67496 100644 --- a/Zend/zend_object_handlers.c +++ b/Zend/zend_object_handlers.c @@ -736,9 +736,11 @@ zval *zend_std_read_dimension(zval *object, zval *offset, int type, zval *rv) /* if (type == BP_VAR_IS) { zend_call_method_with_1_params(object, ce, NULL, "offsetexists", rv, offset); if (UNEXPECTED(Z_ISUNDEF_P(rv))) { + zval_ptr_dtor(offset); return NULL; } if (!i_zend_is_true(rv)) { + zval_ptr_dtor(offset); zval_ptr_dtor(rv); return &EG(uninitialized_zval); } diff --git a/ext/spl/tests/observer_010.phpt b/ext/spl/tests/observer_010.phpt new file mode 100644 index 0000000000..5cedff8c7c --- /dev/null +++ b/ext/spl/tests/observer_010.phpt @@ -0,0 +1,15 @@ +--TEST-- +SPL: SplObjectStorage null coalescing operator memory leak +--FILE-- +<?php +// In maintainer zts mode, this should no longer +// detect memory leaks for the objects +$a = new stdClass(); +$b = new stdClass(); +$map = new SplObjectStorage(); +$map[$a] = 'foo'; +var_dump($map[$b] ?? null); +var_dump($map[$a] ?? null); +--EXPECTF-- +NULL +string(3) "foo" |